JCC: For this application (where I have two dozen users who all know and trust each other working behind a well maintained firewall), I like your iptables suggestion better than setting up a proxy web server. I also appreciate Jamie Heilman's effort in taking the time to make sure I was aware of the security/stability issues of using a naked zope server. I tried changing the port to 8080 using /etc/zopectl/zopectlrc (per Jamie's suggestion that I was failing because I was trying to use a privileged port), and this silently failed (I still saw the zope intro page being served on port 9673). I apologize for only searching the last three month's of the list archive before posting. I appreciate your time and patience in responding to and educating me. Thank you, George Perry Electro Scientific Industries 13900 NW Science Park Drive Portland, OR 97229-5497 (503) 671-5234 -----Original Message----- From: J. Cameron Cooper [mailto:jccooper@jcameroncooper.com] Sent: Friday, November 07, 2003 1:25 PM To: George Perry Cc: zope@zope.org Subject: Re: [Zope] changing port from 9673 default
So changing the port is only an option if you run zope as root?
You must start Zope as root to bind to a "low" port. It will insist on being given a regular user to actually run as: read doc/SECURITY.txt. Another option is using your OS to do it:: /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 to get port masquerading from 8080 to 80 (although it won't work on localhost). This is an oft-discussed topic on the list, by the way. --jcc -- "My point and period will be throughly wrought, Or well or ill, as this day's battle's fought."